Synthesia · Synthesia Privacy Policy

Sub-Processor Disclosure and Third-Party Sharing

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Synthesia shares your personal data with a range of third-party companies that help run their platform, including cloud hosting, analytics, and payment services.

Consumer impact (what this means for users)

Your personal data, potentially including biometric recordings, is shared with multiple third-party sub-processors; while Synthesia requires them to maintain security standards, you have no direct contractual relationship with these entities.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Export Your Data
    Email privacy@synthesia.io to submit a data subject access request (DSAR) to obtain details of all third parties with whom your personal data has been shared.

Cross-platform context

See how other platforms handle Sub-Processor Disclosure and Third-Party Sharing and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Each sub-processor represents an additional privacy risk point, and users have limited visibility into how many entities may access their data, including sensitive biometric information used for avatar creation.

View original clause language
We share your personal data with third-party service providers (sub-processors) who assist us in operating our platform, including cloud hosting providers, analytics services, customer support tools, and payment processors. We require all sub-processors to implement appropriate technical and organisational measures to protect your personal data.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: GDPR Art. 28 requires written contracts with all processors and sub-processors imposing equivalent data protection obligations; GDPR Art. 13(1)(e) requires disclosure of recipients or categories of recipients in the privacy notice; CCPA §1798.115 requires disclosure of categories of third parties with whom personal information is shared. ICO, EU DPAs, and CPPA are enforcement authorities. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    FTC has enforcement authority over deceptive or unfair data sharing practices with third parties under FTC Act Section 5.
    File a complaint →

Provision details

Document information
Document
Synthesia Privacy Policy
Entity
Synthesia
Document last updated
April 29, 2026
Tracking information
First tracked
April 30, 2026
Last verified
April 30, 2026
Record ID
CA-P-004285
Document ID
CA-D-00470
Evidence Provenance
Source URL
https://www.synthesia.io/privacy-policy
Wayback Machine
View archived versions →
SHA-256
7648d9071447f69ed848238281e6ab982ee2d650c8e20eb74c961b356314a183
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Synthesia | Document: Synthesia Privacy Policy | Record: CA-P-004285
Captured: 2026-04-30 07:49:32 UTC | SHA-256: 7648d9071447f69e…
URL: https://conductatlas.com/platform/synthesia/synthesia-privacy-policy/sub-processor-disclosure-and-third-party-sharing/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document